« List of all CVEs

CVE-2012-2125

Published: 10/1/2013 Last updated: 8/6/2024 Reserved: 4/4/2012

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (1)

conf-ruby

Products affected (2)

Product Vendor Version
n/a n/a < 2022.1.5
n/a n/a < 41b70df5b38bc80967d2e0ed55cc3c3896bba781

References (32)